<?php
session_start();
?>


<?php
//Retaining Variables
$username = $_SESSION['username'];
$old_password = $_REQUEST['old_password'];
$new_password = $_REQUEST['new_password'];

if($username==null || $username== ""|| $username == "")
{
	header('Location: http://172.26.195.159/checklist/php/index.php');
}
?>


<?php

//creating a connection.
$con = mysql_connect("localhost","root","");
mysql_select_db("checklist", $con);

$check = "select * from employees where username = '$username' and password = '$old_password'";
$result = mysql_query($check);

//Check if password is ok
if(mysql_num_rows($result))
{
$check1 = "update employees set password = '$new_password' where username = '$username'";
$result = mysql_query($check1);
echo '<script type="text/javascript">','alert("Congrats , your password has been changed , Please login again");',
'window.location = "http://172.26.195.159/checklist/php/index.php";' ,'</script>';
}

else
{
echo '<script type="text/javascript">','alert("Sorry Wrong password entered , please try again");',
'window.location = "http://172.26.195.159/checklist/php/changePassword.php";' ,'</script>';
}
?>